Message ID | 20100609120153.GF5483@bicker |
---|---|
State | Not Applicable |
Delegated to: | David Miller |
On 06/09/2010 02:01 PM, Dan Carpenter wrote:
> cb->atapi.cdb is an array of 16 u8 elements. The call to memset()
> would set the first part of the sge array to zero as well. It's not
> a packed struct.
>
> This one has been around for five years. I found it with Smatch. I
> think the reason no one has seen it before is because we normally call
> sil24_fill_sg() and that overwrites sge with proper information?

Yeah, the table is built after the memset so it doesn't really break anything but still where did that 32 come from? :-)

> Signed-off-by: Dan Carpenter <error27@gmail.com>

Acked-by: Tejun Heo <tj@kernel.org>

Thanks.

On 06/09/2010 08:01 AM, Dan Carpenter wrote:
> cb->atapi.cdb is an array of 16 u8 elements. The call to memset()
> would set the first part of the sge array to zero as well. It's not
> a packed struct.
>
> This one has been around for five years. I found it with Smatch. I
> think the reason no one has seen it before is because we normally call
> sil24_fill_sg() and that overwrites sge with proper information?
>
> Signed-off-by: Dan Carpenter <error27@gmail.com>
> ---
> I don't have this hardware myself so I can't test it. Sorry. :(
>
> diff --git a/drivers/ata/sata_sil24.c b/drivers/ata/sata_sil24.c > index e925051..9e459eb 100644 > --- a/drivers/ata/sata_sil24.c > +++ b/drivers/ata/sata_sil24.c > @@ -865,7 +865,7 @@ static void sil24_qc_prep(struct ata_queued_cmd *qc) > } else { > prb =&cb->atapi.prb; > sge = cb->atapi.sge; > - memset(cb->atapi.cdb, 0, 32); > + memset(cb->atapi.cdb, 0, sizeof(cb->atapi.cdb)); > memcpy(cb->atapi.cdb, qc->cdb, qc->dev->cdb_len);

applied

diff --git a/drivers/ata/sata_sil24.c b/drivers/ata/sata_sil24.c index e925051..9e459eb 100644 --- a/drivers/ata/sata_sil24.c +++ b/drivers/ata/sata_sil24.c @@ -865,7 +865,7 @@ static void sil24_qc_prep(struct ata_queued_cmd *qc) } else { prb = &cb->atapi.prb; sge = cb->atapi.sge; - memset(cb->atapi.cdb, 0, 32); + memset(cb->atapi.cdb, 0, sizeof(cb->atapi.cdb)); memcpy(cb->atapi.cdb, qc->cdb, qc->dev->cdb_len); if (ata_is_data(qc->tf.protocol)) {
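
Review bot: the memcpy() on the context line directly below the changed memset() still takes its length from qc->dev->cdb_len, and nothing visible in this hunk ties that length to the sizeof(cb->atapi.cdb) bound the memset now uses. If the caller does not already guarantee it, consider a check such as WARN_ON(qc->dev->cdb_len > sizeof(cb->atapi.cdb)) ahead of the copy, or say in the commit message where the guarantee comes from. The changelog could also state that the old literal 32 was twice the array size, since the hunk alone does not show the array's declaration.
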
cb->atapi.cdb is an array of 16 u8 elements. The call to memset()
would set the first part of the sge array to zero as well. It's not
a packed struct.

This one has been around for five years. I found it with Smatch. I
think the reason no one has seen it before is because we normally call
sil24_fill_sg() and that overwrites sge with proper information?

Signed-off-by: Dan Carpenter <error27@gmail.com>

---
I don't have this hardware myself so I can't test it. Sorry. :(
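
The overrun discussed in this thread can be reproduced in user space. The following is an added example, not code from the thread or from the driver: `struct demo_sge`, `struct demo_atapi_block`, `sge_bytes_clobbered()` and `fill_cdb()` are hypothetical names, and only the 16-byte `cdb[]` followed by an `sge[]` array is taken from the commit message. It also goes one step beyond the patch by bounding the copy length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not the driver's definitions: only "16-byte cdb[]
 * followed by an sge[] array" comes from the commit message. */
struct demo_sge { uint64_t addr; uint32_t cnt; uint32_t flags; };
struct demo_atapi_block {
	uint8_t cdb[16];
	struct demo_sge sge[4];
};

/* Replays a clear of `len` bytes starting at cdb[] on the raw bytes of the
 * whole object (well defined, unlike writing past the member itself) and
 * counts how many sge[] bytes lost their 0xAA fill. len <= sizeof(block). */
static size_t sge_bytes_clobbered(size_t len)
{
	struct demo_atapi_block blk;
	unsigned char *raw = (unsigned char *)&blk;
	size_t i, hit = 0;

	memset(raw, 0xAA, sizeof(blk));
	memset(raw + offsetof(struct demo_atapi_block, cdb), 0, len);
	for (i = 0; i < sizeof(blk.sge); i++)
		if (raw[offsetof(struct demo_atapi_block, sge) + i] != 0xAA)
			hit++;
	return hit;
}

/* The patched pattern, plus a length check that is this example's own
 * assumption: clear exactly cdb[], then copy a command that must fit. */
static int fill_cdb(struct demo_atapi_block *blk, const uint8_t *cmd, size_t cmd_len)
{
	if (cmd_len > sizeof(blk->cdb))
		return -1;
	memset(blk->cdb, 0, sizeof(blk->cdb));
	memcpy(blk->cdb, cmd, cmd_len);
	return 0;
}

int main(void)
{
	printf("memset len 32:          %zu sge bytes zeroed\n", sge_bytes_clobbered(32));
	printf("memset len sizeof(cdb): %zu sge bytes zeroed\n", sge_bytes_clobbered(16));
	return 0;
}
```
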